CVE-2025-13639
BaseFortify
Publication date: 2025-12-02
Last updated on: 2025-12-08
Assigner: Chrome
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| chrome | to 143.0.7499.40 (exc) | |
| chrome | to 143.0.7499.40 (exc) | |
| apple | macos | * |
| microsoft | windows | * |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an inappropriate implementation in WebRTC in Google Chrome versions prior to 143.0.7499.41 that allows a remote attacker to perform arbitrary read and write operations by using a specially crafted HTML page.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability could read and write arbitrary data remotely through a crafted HTML page, potentially leading to unauthorized access or modification of information within the affected browser.
What immediate steps should I take to mitigate this vulnerability?
Update Google Chrome to version 143.0.7499.41 or later to fix the vulnerability in WebRTC that allows arbitrary read/write via a crafted HTML page.